Illinois hack scare mistook own team for Russian spies

Local and federal blunders have been blamed for the false Illinois hack attack scare in November, described as a “comedy of errors” in which investigators mistook a contractor logging in for remote maintenance for an attack by Russian cyber-criminals. An initial report distributed by the Illinois Statewide Terrorism and Intelligence Center incorrectly assumed that a remote log-in by one of the contractors behind the affected water pump system was an aggressive attack, Wired discovered; the contractor had been asked to check data history charts in the Supervisory Control and Data Acquisition (SCADA) system while on holiday in Russia.

That remote access – complete with a Russian IP address – was interpreted as a potential cause of a water pump overheating and burning out, rather than as part of routine maintenance, and the details were passed on to the Environmental Protection Agency (EPA) “out of an abundance of caution” according to water district trustee Don Craven. From there it made its way to the state terrorism and intelligence team, none of which thought to contact the contractor – whose system username was connected with the IP address – before an initial “Public Water District Cyber Intrusion” report was published. That report blamed Russian hackers for the fault.
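The failure described above is a triage one: a source IP was treated as attribution before anyone checked whose account had logged in. The following is an added example, not code from the article or from any of the agencies involved, showing the enrichment step a defender would run over SCADA remote-access logs before escalating. The log lines, the account roster, the IP-to-country table and every username and address in it are constructed for illustration; a real deployment would pull the roster from the vendor contract and identity system and the geolocation from a GeoIP database.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed roster of accounts authorized for remote access to the control
# system (hypothetical). "expected_countries" is where the owner normally works
# from; an out-of-pattern login is a question for the owner, not a verdict.
AUTHORIZED_ACCOUNTS = {
    "vendor_svc": {"owner": "SCADA integrator on-call engineer", "expected_countries": {"US"}},
    "ops_admin": {"owner": "water district operator", "expected_countries": {"US"}},
}

# Constructed IP-to-country table standing in for a GeoIP lookup.
GEOIP = {"10.0.5.12": "US", "198.51.100.9": "US", "203.0.113.40": "RU"}

# Constructed log format: "<timestamp> user=<name> src=<ip> action=login"
LOGIN_RE = re.compile(r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+src=(?P<ip>[\d.]+)\s+action=login$")


@dataclass
class Finding:
    timestamp: str
    user: str
    src_ip: str
    country: str
    verdict: str      # "expected" | "verify_with_owner" | "unknown_account"
    next_step: str


def triage_login(line: str) -> Optional[Finding]:
    """Classify one remote-access login by correlating the account with the roster
    before reading anything into the source country."""
    m = LOGIN_RE.match(line)
    if not m:
        return None  # not a login event; outside the scope of this check
    user, ip = m["user"], m["ip"]
    country = GEOIP.get(ip, "??")
    account = AUTHORIZED_ACCOUNTS.get(user)
    if account is None:
        # No roster entry at all: unexplained access to the control system is the real signal.
        return Finding(m["ts"], user, ip, country, "unknown_account",
                       "treat as possible intrusion; preserve logs and escalate")
    if country in account["expected_countries"]:
        return Finding(m["ts"], user, ip, country, "expected",
                       "no action; record as routine maintenance access")
    # Known account from an unusual origin: the cheapest and most reliable check
    # is a phone call to the account owner, made before any attribution is written.
    return Finding(m["ts"], user, ip, country, "verify_with_owner",
                   f"confirm with {account['owner']} before attributing the event")


def triage_logins(lines: List[str]) -> List[Finding]:
    """Run triage over a log excerpt, skipping non-login lines."""
    return [f for f in map(triage_login, lines) if f is not None]


# Constructed sample log excerpt: a routine local login, the contractor's account
# from a Russian address while travelling, a logout line, and an account nobody
# on the roster recognizes.
SAMPLE_LOG = [
    "2000-01-01T09:00:00Z user=ops_admin src=10.0.5.12 action=login",
    "2000-01-01T11:42:00Z user=vendor_svc src=203.0.113.40 action=login",
    "2000-01-01T11:58:00Z user=vendor_svc src=203.0.113.40 action=logout",
    "2000-01-01T13:05:00Z user=backup src=198.51.100.9 action=login",
]

if __name__ == "__main__":
    for f in triage_logins(SAMPLE_LOG):
        print(f"{f.timestamp} {f.user:<12} {f.src_ip:<15} {f.country}  {f.verdict:<18} {f.next_step}")
```

Run as-is, the contractor's login from the Russian address is classified as `verify_with_owner`, which is the step that was skipped in the incident; only the account with no roster entry is treated as a possible intrusion. Note that even a confirmed-unusual login says nothing about the pump failure itself; establishing that link needs the controller and electrical logs, not the access log alone.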

However, the Illinois Statewide Terrorism and Intelligence Center has denied responsibility for creating the flawed report in the first place, with a spokesperson claiming that the organization merely distributed rather than authored it. Those actually behind the piece were local representatives from the FBI, DHS and other agencies, it suggests.

Unsurprisingly, the DHS isn’t willing to shoulder the blame so readily, firing back that, had it been responsible for authoring the report, the document would have had to be approved by six different agencies. “Because this was an Illinois product, it did not undergo such a review” the organization claims.

The DHS subsequently reviewed the case and quickly concluded that there was no evidence of Russian hacking. “All of the logs showed that the pump failed for some electrical-mechanical reason” contractor Jim Mimlitz explains, “But it did not have anything to do with the SCADA system.” As for the “glitches” that were also cited as evidence of tampering, he believes they were the product of some incorrect network modifications.

An investigation is now underway to clear up how a leaked copy of the report reached an external cyber-security specialist, though the Illinois Statewide Terrorism and Intelligence Center says it is the job of the DHS, FBI and other agencies to look into how the initial report leapt so quickly to the wrong conclusion.